On Jan 11, 2011, at 3:09 PM, Nicholas Cole wrote: > On Tue, Jan 11, 2011 at 12:19 PM, <d...@geer.org> wrote: >> >> If one is a purist, then one wants sign>encrypt>sign >> >> See http://world.std.com/~dtd/#sign_encrypt > > That is a really interesting paper. Did the OpenPGP protocol ever > include a fix for the attack they describe?
No. It was generally felt that this was more of an attack on the user of crypto, rather than on the crypto itself. See this thread from when the paper was first published: http://www.mail-archive.com/cryptography@wasabisystems.com/msg00259.html And especially: http://www.mail-archive.com/cryptography@wasabisystems.com/msg00261.html David _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
